A lesson to rememberWe assume that the Internet is working and is a secure platform. We use the Internet for very personal things such as dating, shopping online, communicating, managing our finances and more.
The problem with the Internet is that when something goes wrong, it can get very bad, very quickly! So when something as major as the Heartbleed vulnerability happens, the impact is enormous. The Heartbleed bug made it possible for attackers to breach a website’s security to snatch up information on encryption keys, usernames, and passwords. A simple patch will not take that information away from hackers that already gathered it. The patch will ensure that sites are not vulnerable to the future exploits of the bug, but a great wall clearly will not solve a kingdom's problems if it is already been raided. It is critically important to note and remember that software is just software and there will always be vulnerabilities in it. We need to start understanding that even though we backup, encrypt and protect against malicious code, we still have sensitive data – data that can leak. And if this data gets leaked, we need to do everything we can to make the data as useless as possible for the person who obtains it. |
Actions to be takenAlthough most of the biggest websites have patched the problem, there is still more to do, and users of those websites also have to take action to ensure their data is safe.
Once the websites have completed protecting themselves, it’s time for web users to fix their own vulnerabilities. Security firms like Codenomicon, which discovered the Heartbleed vulnerability, have built programs to automatically test computer systems, making bug testing quicker and less expensive. IT professionals talk a lot about “defensive programming,” and urge businesses to realize that is most cost effective to spend time and money testing for bugs than it is trying to recover from a hacker attack. As for individual computer users, there are several small things to do to be safer online. Users should choose a different password for every website they use, write them down on paper and store that paper in a safe place. Wi-Fi customers can ask their service providers how to disable WPS and keep their routers safer. People also should take advantage of free malware detection software like Malwarebytes. In general, security experts think everyone can be safer online with a little bit more computer literacy. In the same way that most car owners may not be mechanics but still understand the basic of how a car works and how to protect it, users need to understand how their computer and the Internet works in order to defend against the next security crisis. References: [1] Merkel, Robert (2014-04-11). "How the Heartbleed bug reveals a flaw in online security". The Conversation. [2] Neal, Ryan (2014-04-17). " Hackers Warn About Future Threats: How To Guard Against The Next Heartbleed". International Business Plan. Retrieved on April 22 2014, from: http://www.ibtimes.com/hackers-warn-about-future-threats-how-guard-against-next-heartbleed-1573074 |